Privacy Policy
Effective date: 4 May 2025 – Last updated: 4 May 2025
1 Who we are
pcc1.news is an online platform that publishes news, commentary and peer-review highlights about procyanidin, and operates a boutique shop offering pcc1 products. The site is owned and run by 199 Longevity Ltd, a company registered in England and Wales (No. 16267409). For the purposes of the UK GDPR and the EU GDPR, 199 Longevity Ltd is the Data Controller.
You can reach our Data Protection Office at support@pcc1.news or by post to 199 Longevity Ltd, 199 Gloucester Terrace, London W2 6LD, United Kingdom.
2 Personal data we collect
2.1 Data you provide directly
- Account details – email address, password (bcrypt-hashed) and display name when you open a site account.
- Shop checkout information – name, billing and delivery addresses, phone number, items purchased, special instructions.
- Payment data – the last four digits of your card or a transaction ID. Full card numbers never touch our servers; they are handled by our payment service provider.
- Comments and reviews – any information you include in comment fields or product-review boxes.
- Communication records – emails you send to support@pcc1.news or messages submitted through contact forms.
2.2 Data collected automatically
- Server logs – IP address, date and time, requested URL, referrer, user-agent string.
- Cookies and similar technologies:
- Essential cookies that keep you signed in and remember cart contents (GDPR Art. 6 (1)(f)).
- Analytics cookies set by our self-hosted Matomo instance, loaded only after opt-in consent (Art. 6 (1)(a)).
- Preference cookies that store language choice or hide the cookie banner once you have responded.
3 Why we use your data and legal bases
| Purpose | Legal basis | Typical retention |
|---|---|---|
| Creating and managing your account | Performance of a contract (Art. 6 (1)(b)) | Until you delete the account or 24 months of inactivity |
| Fulfilling and shipping orders, processing returns and warranties | Performance of a contract | Seven years, to meet tax-record duties |
| Processing payments and fraud screening | Legitimate interest in secure commerce (Art. 6 (1)(f)) | PSP keeps data per its own statutory obligations (see § 4) |
| Email newsletters and product-launch updates | Consent (Art. 6 (1)(a)) | Until you unsubscribe |
| Publishing comments or product reviews | Consent | While the item/page remains online, unless you ask us to erase it |
| Site analytics and performance tuning | Legitimate interest & consent (split by cookie type) | Raw logs 14 days; aggregated Matomo stats 26 months |
4 Who we share data with
- Payment Service Provider (PSP) – currently Stripe Payments Europe Ltd; receives checkout token, amount and billing postcode to authorise the transaction under PCI-DSS.
- Courier services – Royal Mail, DPD or UPS receive your delivery address and phone/email for tracking notices.
- Email infrastructure – Mailgun (EU zone) delivers order confirmations and newsletters.
- Anti-spam and DDoS protection – Cloudflare processes IP addresses and HTTP headers as our website proxy.
All service partners act under written Data-Processing Agreements that incorporate the European Commission's 2021 Standard Contractual Clauses where required. We never sell or rent your personal data to advertisers.
5 International transfers
Some processors operate outside the UK/EU. Transfers rely on SCCs (Art. 46 GDPR) plus technical safeguards such as TLS 1.3 encryption, at-rest AES-256 encryption and least-privilege API keys.
6 Your rights
You may at any time:
- access the personal data we hold about you;
- ask us to correct inaccurate or incomplete data;
- request deletion of data that is no longer required;
- restrict processing while a challenge is investigated;
- object to direct marketing or other processing based on legitimate interests;
- receive a structured, machine-readable copy of data you provided;
- withdraw any consent you have given, without affecting prior lawful processing.
To exercise any right, email support@pcc1.news with "Data-rights request" in the subject line. We must respond within one calendar month (Art. 12 (3) GDPR).
If you believe we have acted unlawfully, you may complain to the UK Information Commissioner's Office or to your local EEA supervisory authority.
7 Security measures
We protect personal data with:
- full-site HTTPS using TLS 1.3;
- bcrypt-hashed passwords with per-user salts;
- tokenised payments processed only by the PSP;
- daily encrypted off-site backups;
- multi-factor authentication for administrator accounts;
- Web Application Firewall, rate-limiting and automated patch management.
These measures align with GDPR Art. 32 (security of processing).
8 Children
pcc1.news is directed at users aged 16 and over. We do not knowingly collect data from anyone under that age. If you think a minor has provided personal data, please contact us so we can delete it.
9 Changes to this policy
We may revise this notice to reflect legal or operational changes. The "Last updated" line shows the latest version. Material amendments will be announced on the home page and, where appropriate, emailed to registered users at least seven days before they take effect. Continued use after that date constitutes acceptance of the revised policy.
10 Contact us
For any question or concern about privacy at pcc1.news, write to support@pcc1.news or to the Data Protection Office, 199 Longevity Ltd, 199 Gloucester Terrace, London W2 6LD, United Kingdom.